ID

VAR-202408-0547


CVE

CVE-2024-41616


TITLE

Use of hardcoded credentials vulnerability in D-Link Systems, Inc. DIR-300 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-005489

DESCRIPTION

D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service. The DIR-300 firmware from D-Link Systems, Inc. contains a vulnerability related to the use of hardcoded credentials. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2024-41616 // JVNDB: JVNDB-2024-005489

AFFECTED PRODUCTS

vendor: dlink | model: dir-300 | scope: eq | version: 1.06b05_ww

Trust: 1.0

vendor: d link | model: dir-300 | scope: eq | version: dir-300 firmware 1.06b05 ww

Trust: 0.8

vendor: d link | model: dir-300 | scope: eq | version: -

Trust: 0.8

vendor: d link | model: dir-300 | scope: - | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-005489 // NVD: CVE-2024-41616

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-41616
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-41616
value: HIGH

Trust: 1.0

NVD: CVE-2024-41616
value: CRITICAL

Trust: 0.8

nvd@nist.gov: CVE-2024-41616
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-41616
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-41616
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-005489 // NVD: CVE-2024-41616 // NVD: CVE-2024-41616

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

problemtype:CWE-259

Trust: 1.0

problemtype:Use of hard-coded credentials (CWE-798) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005489 // NVD: CVE-2024-41616

EXTERNAL IDS

db: NVD | id: CVE-2024-41616

Trust: 2.6

db: JVNDB | id: JVNDB-2024-005489

Trust: 0.8

sources: JVNDB: JVNDB-2024-005489 // NVD: CVE-2024-41616

REFERENCES

url:https://github.com/lyaobol/iotsec/blob/main/d-link/dir300/cve-2024-41616

Trust: 1.8

url:https://github.com/lyaobol/iotsec/blob/main/d-link/dir300/d-link300.md

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-41616

Trust: 0.8

sources: JVNDB: JVNDB-2024-005489 // NVD: CVE-2024-41616

SOURCES

db: JVNDB | id: JVNDB-2024-005489
db: NVD | id: CVE-2024-41616

LAST UPDATE DATE

2024-08-22T03:42:56.759000+00:00


SOURCES UPDATE DATE

db: JVNDB | id: JVNDB-2024-005489 | date: 2024-08-16T04:58:00
db: NVD | id: CVE-2024-41616 | date: 2024-08-07T20:54:20.793

SOURCES RELEASE DATE

db: JVNDB | id: JVNDB-2024-005489 | date: 2024-08-16T00:00:00
db: NVD | id: CVE-2024-41616 | date: 2024-08-06T16:15:49.260